Hello there,
When you renew Enterprise CA certificate, it is automatically published to Active Directory and domain clients will automatically retrieve and install renewed CA certificates. Existing certificates will be valid until they expire.
Whether you are obtaining a new SSL certificate from a third party or from an enterprise certification authority (CA), ensure the certificate has subject alternative name entries of type DNS .
This discussion might shed some insights about your query https://social.technet.microsoft.com/Forums/windowsserver/en-US/e733b5c4-611f-4fde-84e8-8c1e18db1910/renew-issuing-ca-cert-new-key-pair?forum=winserversecurity
I hope this information helps. If you have any questions please let me know and I will be glad to help you out.
--------------------------------------------------------------------------------------------------------------------------------------
--If the reply is helpful, please Upvote and Accept it as an answer--